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(57) Abstract: An access system (ACC1) for relating 
service providers (SPl -SPn) to users (Ull-Uml) includes 
an edge access server (EAS) connecting the service providers 
and penults (Pl-Pk) connecting the users. User devices 
(UD11-UD14) are connected via VLAN:s to a user port 
(UP11) on the penult. The edge access server has service 
agents (SAl-SAn), an administrator (AD1) and a broadcast 
handler (BHl), which forms a handling system together 
with handlers (Hl-Hk) in the penults. A user (Ull) decision 
including VLAN, service (SPl) and user port (UP11) is sent 
to the administrator (AD1), which dynamically allocates to 
the relevant service agent (SA1) a MAC address, defining 
a relation (Rll). A user device (UD11) broadcasts a DHCP 
request unicasted together with user port (UP11) to the 
broadcast handler (BHl). The user device (UD11) gets its IP 
address and IP address to the service agent (SA1). The device 
(UD11) broadcasts an ARP request which is unicasted by 
the penult (PI), to get the MAC address to the service agent 
(SA1). The relations (Rll, R21) are secure and can easily 
be controlled. 



ACC1 




^PvEGkl 



WO 03/06782 1 A 1 IIIIIIIIIIIM 



Published: 

with international search report 



For two-letter codes and other abbreviations, refer to the "Guid- 
ance Notes on Codes and Abbreviations" appearing at the begin- 
ning of each regular issue of the PCT Gazette. 



WO 03/067821 



PCT/SE02/00226 



METHOD AND SYSTEM FOR RELATING SERVICE PROVIDERS TO CLIENTS, 
IN AN ACCESS NETWORK, USING DYNAMICALLY ALLOCATED MAC ADRESSES 

TECHNICAL FIELD OF THE INVENTION 

The present invention relates to a multiservice Ethernet 
access system and methods of establishing service access 
5 relations in the system. 

DESCRIPTION OF RELATED ART 

Ethernet has been developed mainly as a LAN (Local Area 
Network) technology, aiming to provide an efficient 
infrastructure for data networks within a company. 

10 Originally it was developed for moderate speed shared media, 
but current technology applies mainly to point-to-point 
links up to 10 Gbit/s, interconnected by high capacity 
Ethernet switches, supporting virtual LAN, VLAN, as 
described in the standard IEEE .802. lq. A virtual LAN is a 

15 group of system, such as computers in a workgroup, that need 
to communicate with each other, and protocols that restrict 
the delivery of VLAN frames to members of the VLAN. 

A LAN can be partitioned into multiple VLAN:s, where each 
VLAN is assigned a number called a VLAN identifier that 
20 identifies it uniquely within the LAN. A LAN contains at 
least one VLAN, the default VLAN. 

Switches contain advanced self learning features and 
broadcast behaviour, which are well suited for the building 
of for example a corporate network, supporting a number of 
25 user groups. 

However, in public service structures different requirements 
are put with respect to security, scaling and chargeability 
of services. In the public network, each user would ideally 
have his own completely isolated set of work groups 
30 available. A particular problem is then that the number of 
available VLAN tags, each tag defining a user, is limited to 
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a number 4096, which is far from enough to serve hundreds of 
thosands of users. 

In the international patent application No. WO 00/77983 is 
descibed a telecommunications system in which users can 
5 select services. Service networks and users are connected to 
a switched domain. The service networks are arranged into 
groups and each group is allocated a VLAN by konfiguring the 
ports in the switches. The users can select services by 
configuring their apparatuses to a selected one of the 
10 VLAN:s. 

In the international patent application No. WO 00/79830 is 
described a telecommunication system in which users can 
select services. A switched domain has switches to which 
service providers and network terminals are connected. The 
15 switches have a user port connected to an uplink port in the 
network terminal. The user port is configured for the 
different service providers and the network terminals have 
corresponding service ports. The service ports corresponding 
to predetermined ones of the services are configured. 

20 In these two applications the number of users is restricted. 

In the European patent application EP 1045553 A2 is 
disclosed VLAN bridging of a network. The network has nodes 
for changing of addresses. A user sending a message via the 
network addresses it to a receiver. When the message reaches 
25 one of the network nodes the receiver address is changed 
into a temporary address for the network. This address is 
changed back when the message leaves the network via another 
of the network nodes. 

SUMMARY OF THE INVENTION 

30 The present invention is concerned with a problem how to 
create a multiservice access system with ethernet technology 
for a practically unrestricted number of users. 
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Another problem is how to offer the users sevices via the 
system, a number of the services practically covering all 
offered services. 

A further problem is how to offer secure service bindings 
5 between the users and the service providers. 

Still a problem is how to establish the service bindings as 
unicast bindings. 

Still another problem is how to establish the service 
bindings as multicast bindings. 

10 Yet another problem is how to control the traffic in the 
system. 

The problem is solved by an access system including a node, 
called an edge access server, for connecting the service 
providers and a node, called a penult, for connecting the 

15 users, the nodes being interconnected by an arrangement 
supporting exchanging of Ethernet frames. The edge access 
server has service agents for the connecting of the service 
providers and the penults have user ports for connection to 
user networks. In a unicast case secure individual service 

2 0 access relations are provided in the access system, each 
relation being provided between one of the service agents 
and one of the user ports. In a multicast case the service 
access relations are provided between one of the service 
agents and a plurality of the user ports. The relation is 

25 extended for connecting of the user networks. 

Somewhat more in detail the user ports are designed for 
connecting of the user networks, which have each one 
Ethernet LAN with at least one VLAN. Each service access 
relation has a dynamically assigned MAC address assigned to 
30 the relevant one of the service agents. The service access 
relation is in one alternative defined by the dynamically 
assigned MAC address and in an alternative defined by the 
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MAC address in combination with a further identifier. The 
service access relation is bound to one of the user ports 
and, in the multicast case, bound to a plurality of the user 
ports. The access system has a broadcast handler system and 
5 broadcast messages involved in service access or service use 
are picked up by this system in the penult hosting the user 
port. Shaping of the traffic is performed with the aid of 
the dynamically assigned MAC address and, where appropriate, 
in combination with the further identifier. 

10 A purpose with the invention is to give a practically 
unrestricted number of users access to services via an 
access system with Ethernet technology. 

Another purpose is that the number of services that can be 
offered simultaneously to a user practically covers all 
15 offered services. 

A further purpose is that sevice access relations between 
service providers and user devices shall be secure 
relations . 

Still a purpose is that Ethernet technology shall be 
20 utilized for establishing service access relations in the 
network. 

Still another purpose is to establish the service access 
relations as either unicast or multicast relations. 

Yet a purpose is to control the traffic in the system. 

25 An advantage with the invention is that a multiservice 
access network for a practically unrestricted number of 
users can be created, using already standardized Ethernet 
technology . 

Another advantage is that that the number of services that 
30 simultaneously can be offered to a user practically covers 
all offered services. 
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A further advantage is that service access relations between 
service providers and users are secure relations. 

Still an advantage is that Ethernet technology is utilized 
for establishing service bindings in the network. 

5 Still another advantage is that the service access relations 
can be established as unicast relations or as multicast 
relations . 

Yet other advantages are that no coordination of VLAN use 
between users is required in the unicast case, standard 
10 Ethernet components can be utilized both in the access 
system and in the user networks and the invention makes 
possible a simple administration and configuration of the 
access network. 

The invention will now be described more in detail with the 
15 aid of embodiments and with reference to the enclosed 
figures . 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 shows a block schematic with an overview of an 
access system; 

20 Figure 2 shows a block schematic with more details for the 
access system of figure 1; 

Figure 3a shows a diagram over an ethernet frame; 

Figure 3b shows a diagram over a VLAN tag in the frame; 

Figure 3c shows a diagram over an address field in the 
2 5 frame; 

Figure 4 shows a block schematic over a user in figure 1 
with the user's VLAN:s; 
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Figure 5 shows a block diagram over a register in a 
broadcast handler; 

Figure 6 shows a block schematic over an uplink Ethernet 
frame; 

5 Figures 7 shows a block with addresses; 

Figure 8 shows a block diagram over a register in a handlers- 
Figure 9 shows a flow chart over a method for defining an 
access relation; 

10 Figure 10 shows a flow chart over a DHCP request methods- 
Figure 11 shows a flow chart over an ARP request method; 

Figure 12 shows a block shematic over the access system in a 
multicast situation; and 

Figure 13 shows a flow chart over a multicast method. 

15 

DETAILED DESCRIPTION OF EMBODIMENTS 

Figure 1 shows a multiservice access system ACC1 to which 
users Ull, U12, U13, U21, ... , Uml and service providers SP1, 

20 SP2, SPn are connected. An objective is to build the 

system such that the number of the users Ull ... Uml can be 
very great, e.g. in the range of several hundred thousands 
users. Another objective is that the number of the service 
providers SP1 ... SPn, that each user can utilize, also is a 

25 great number, e.g. in the range of thousands of services. 
The access system ACC1 includes nodes PI, P2 ... Pk, to which 
the users are connected with the aid of Ethernet technology. 
The access system also includes a node EAS, to which the 
service providers are connected. The node EAS is connected 

30 to the user's nodes Pl-Pk via a network, which is an 
Ethernet based network ETHl according to the standard IEEE 
802. lq. This network is a large network and has among others 
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a number of VLAN capable Ethernet switches, not shown in the 
figure. The users and the service providers are connected to 
each other by individual service access relations through 
the network ETH1, e.g. a relation Rll for the user Ull and 
5 the service provider SPl. These relations have a guaranteed 
quality of service and are secure in the meaning that only 
the user and the service provider having the relation can 
listen to or else utilize this relation. The relations will 
be described more in detail below. 

10 The embodiment in figure 1 is more closely shown in figure 
2. The nodes Pi, P2, ... Pk of the access system ACC1, 
hereinafter called penults, have user ports UP11, UP12, 
UP13, UP21, ... , UPkl . Each of the user ports are connected 
to each a single one of the users Ull - Uml by wires Wll - 

15 Wkl. The penults PI - Pk have each a handler HI, H2, ... , Hk, 
which administers the user ports on the respective penult. 
The handlers have each a register REG11, REG21,... REGkl. The 
node EAS of the access system ACC1 is an edge access server, 
which in turn includes service agents SA1, SA2, SAn with 

20 each a respective service port PT1, PT2, PTn. The edge 

access server also has interfaces IF1, IF2, IF3,...IFj, an 
administating unit AD1 and a broadcast handler BH1 with a 
register REG1. The units of the edge access server are all 
bound to an Ethernet frame distribution system SW1 . Each of 

25 the service agents are attributed to each a single one of 
the service providers SPl - SPn. The penults are connected 
to the edge access server EAS via the interfaces. The 
handlers Hl-Hk in the penults are bound to the broadcast 
handler BH1 in the edge access server EAS , together forming 

30 a distributed handling system. The users Ull - Uml have each 
a number of user devices and e.g. the user Ull has devices 
UD11, UD12, UD13 and UD14, and the user U12 has devices 
UD21, UD22 and UD23 . 
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As mentioned, the network ETH1 and the users Ull- Uml 
utilize Ethernet technology. The Eternet technology 
therefore will be shortly commented below. 

In figure 3a is shown an Ethernet frame FR1 according to the 
5 standard IEEE802.1q. The frame has a field Dl for a 
destination address and a following field Si for a source 
address. It also has a field Tl for defining a type of 
Ethernet frame. A field VL1 points out which VLAN that is 
concerned and a field EPL1 contains the payload, the message 
10 that is to be transmitted. An address F is reserved as a 
broadcast address . 

In figure 3b the field VLl is shown in some more detail. It 
has 16 bits which includes 3 bits for a priority tag PTG1, 
one indicator bit and 12 bits in a field VTG1 for a VLAN 
15 tag. It is this VLAN tag that points out the specific VLAN 
and as this tag has 12 bits it can distinguish 2 12 =4096 
different VLANs . 

Figure 3c shows the source address field SI, which consists 
of 48 bits. One bit Ll points out whether the address is 

20 locally or globally administrated. One bit Ml points out 
whether the frame FR1 is a multicast frame used for e.g. IP 
multicast messages. The remaining 46 bits in a field ADR1 
are address bits for MAC addresses. Any of the user devices 
has one globally administrated MAC address, which is given 

25 by the manufacturer of the device. The user device UD11 in 
figure 2 for example has an address UMAC1. The MAC address 
is unique for the device. From the description below it 
will also appear that the number of different service 
providers, e.g. among the service providers SP1- SPn, that 

30 can be connected to one and the same of the users, is 
restricted by the number of the VLAN tags, i.e. the number 
2 12 -4096. 
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In figure 4 is shown details how the user devices are 

related to the penult. The figure is a logic view over the 

relations. In the example the user Ull has an Ethernet LAN 

ETH2 containing user VLAN : s with tags TAG1, TAG2 , TAG 3 and 

5 TAG 4 , which LAN is connected to the user port PTll via the 

wire Wll . The user device UD11 is in turn attributed to the 

VLAN with tag TAG1, the device UD12 has the tag TAG2 , the 
device UD13 has both the tags TAG 2 and TAG 3 and the device 
UD14 has the tag TAG 4 . 

10 In a common Ethernet, on one hand, the different 
participants within each VLAN can communicate with each 
other freely and efficiently, which is a basic principle of 
the Ethernet. A first user that wants to contact a second 
user sends broadcast an address resolution protocol ARP 

15 with a request "Who has this IP address?" . Everybody in the 
network can listen and the second user, that has the IP 
address in question, sends back his MAC address to the 
first user. A relation between the users is established. In 
an access system, on the other hand, a fundamental service 

20 is to both enable establishment of service bindings between 
users and service providers and, in such bindings, provide 
a transport service through the access system such that the 
service can be delivered to the user with high security and 
without any quality degradation. In a multi-service, multi 

25 service provider scenario several such bindings must be 
possible for each user at any given point in time, without 
interference between the bindings or between bindings for 
different users. In the present description will be 
disclosed how a multiservice access system, e.g. the access 

30 system ACC1, will fullfill these requirements on the 
services using Ethernet technology. 

To get the access network ACC1 to work, first the users 
decide which services they select and which VLAN they 
decide for a certain of the services. Each user can make 
35 his own decisions for the correspondance between VLAN and 
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service, independently of the other users. In t/he present 
example the user Ull selects the service from the service 
provider SP1 and decides the VLAN with the tag TAG1 for 
this service. The user Ull also selects service from 
5 provider SP2 and decides the VLAN with the tag TAG2 for 
this service. Correspondingly the user Ull selects service 
provider SP3 on the VLAN with the tag TAG 3 and service 
provider SP4 on the VLAN with the tag TAG 4 . Other users can 
select other services and decide other VLAN : s . The user 

10 U12, for example, selects the service from service provider 
SP1 and decides the VLAN with the tag TAG 3 for this 
service. The user U12 also selects service from the service 
provider SP3 and decides the VLAN with the tag TAG1 for 
this service. The users then send their decisions to the 

15 administrative unit AD1 in the edge access server EAS, the 
users defining themselves by their respective user port. 
This sending can be performed by any suitable means, e.g. 
by assigning a web page, by a common letter or by a 
telephone call. The administrative unit AD1 also has the 

20 information about the correspondance between the service 
providers SPl-SPn and the service agents SAl-SAn. The 
administrative unit thus has triplets of information 
containing service agent, VLAN tag and user port. 
Gradually, when the users Ull-Uml send their information, 

25 the administrative unit AD1 will build up the register 
REG1 in the broadcast handler BH1, as shown in figure 5. 
For the different user ports UPll-UPkl corresponding lists 
L11,L12, L13, L21 ... Lkl are created with fields 
corresponding to the VLAN tags. In this fields are written 

30 unique MAC addresses, which are dynamically allocated to 
the different service agent's respective service port by 
the administrative unit AD1. 

In the example above the user Ull selected the service from 
service provider SP1 and decided the VLAN with the tag 
35 TAG1. The administrative unit dynamically allocates a 
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unique MAC address SAMAC1 to the service port PT1 of the 
service agent SA1, connected to the service provider SP1. 
The address is allocated from a set of locally 
administrated addresses, LAA . This address is written on 
5 the list Lll for the user port UPll and in a field pointed 
out by the VLAN tag TAGl . This means that the allocated MAC 
address SAMAC1 is bound to solely one information pair 
which has the user port UPll and the identification tag 
TAGl of the VLAN. Now the relation Rll is defined by the 

10 address SAMAC1 for the service port PT1, the address being 
bound to the user port UPll and the VLAN tag TAGl. It 
should be noted that no other participant but the service 
provider SP1 and the user Ull can utilize the relation Rll. 
Following the above examples, a unique MAC address SAMAC2 

15 is dynamically allocated to the service port PT2 of the 
service agent SA2 and is written in a field defined by the 
VLAN tag TAG2 on the same list Lll. A new relation R21 is 
created, which is defined by the address SAMAC2 and is 
bound to the user port UPll and the VLAN with the tag TAG 2 . 

20 Also a MAC address SAMAC5 is allocated to the service agent 
SA3, service port PT3, in a field with the tag TAG 3 and a 
MAC address SAM AC 6 is allocated to the service agent SA4 , 
service port PT4, in a field with the tag TAG 4 . 

For the user U12 with the user port UP12 a unique MAC 
25 address SAMAC3 is dynamically allocated to the service port 
PT1 of the service agent SA1 and this address is written in 
a field pointed out by the VLAN tag TAG 3 on the list L12- 
For the user U12 also a MAC address SAMAC4 is dynamically 
allocated to the service agent SA3, service port PT3 , and 
30 this address is written in a field pointed out by the VLAN 
tag TAGl on the list L12. 

It appears from the above that, in the embodiment, each of 
the service ports PTl-PTn can get associated with a set of 
the unique MAC addresses for the service agents and that 
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each of these MAC addresses is associated with only one 
particular of the user ports UPll-UPkl. 

The relations between user port and service agent are built 
up as described above and are stored in the register REG1, 
5 but still the user devices can't utilize their respective 
service. It is in fact not even necessary until now that 
the user devices are connected. When the users intend to 
utilize the services they connect their user devices to the 
wires Wll-Wkl via the VLAN : s as is shown by an example in 

10 figure 4 for the user Ull- Then there also must be built up 
a correspondance between IP addresses and MAC addresses. To 
get such a correspondance the conventional DHCP (Dynamic 
Host Configuration Protocol) is used in the present 
embodiment. The DHCP is an example on a more general 

15 service attachment request. By this protocol the different 
user devices will get their default gateway, which is the 
relevant service agent. Then they will also get their 
respective IP address and the IP address to the relevant 
service agent. This is performed in the following manner. 

20 The user device UD11 sends a frame FR2 with the addresses 
and payload as is shown in figure 6. In the destination 
address field Dl the broadcast address F is written. In the 
source address field SI the MAC address UMAC1 for the user 
device UD11 is written and in the VLAN field VL1 the VLAN 

25 tag TAG1 is written, the tag appearing from figure 4. The 
message in the frame FR2 is ''this is a DHCP request". The 
users Ull-Uml are connected via the Ethernet VLANs and have 
no information about the organization of the system ACC1. 
From the horizon of the users they act as if they were 

30 connected to a conventional Ethernet and it is therefore 
the user device UD11 sends the frame FR2 in figure 6 as a 
broadcast request. The aim from the view of the user device 
UD11 is that the broadcast request gives the user the 
identity of the relevant DHCP server. In the embodiment 

35 this sever is the service agent SA1, which has a set of IP 
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addresses that it can allocate- The broadcast request in 
the frame FR2 first is intercepted by the handler HI via 
the user port UP11. The handler HI, that gets the frame FR2 
via the port UP11, adds the identification for this port. 
5 It then packs the port identification together with the 
frame FR2 as a unicast message Ul, see figure 2, and sends 
this message to the broadcast, handler BH1 in the edge 
access server EAS. When getting the message Ul, the 
broadcast handler BH1 looks in its register, the register 

10 REG1 of figure 5. With the aid of the user port UP11 and 
the VLAN tag TAG1 it finds the MAC address SAMAC1 for the 
service agent SA1 . Now the default gateway f the service 
agent SA1, for the user device Ull is found. The user 
device UDll also must be given an IP address itself and an 

15 IP address to its default gateway, which is performed in 
the following manner. The broadcast handler sends the 
request to the found service agent SA1, which now has the 
information as appears from a table TAB1 in figure 7. This 
information is the own port address SAMAC1, the VLAN tag 

20 TAG1 , a subnet mask SMI, the user MAC address UMAC1 and the 
service agent's own IP address. IPSA1. From its set of IP 
addresses the service agent SA1 now allocates an IP address 
IPUDll to the user device UDll, which is associated with 
the content in the table TAB1. In a conventional manner, 

25 according to the DHCP protocol, information is transfered 
back to the user Ull. The DHCP response includes the IP 
address IPSA1 of the service agent as default gateway 
address, the allocated IP address IPUDll and the subnet 
mask SMI. The user device UDll stores the IP address IPSA1 

30 to the service agent SA1, its own IP address IPUDll and the 
subnet mask, as host configuration data in a conventional 
manner . 

In a corresponding manner the other devices of the user Ull 
send their DHCP requests with their MAC addresses and 
35 corresponding VLAN tag, the tags appearing from figure 4. 
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Note that the user device UD13 has to send two DHCP 
requests with the tags TAG2 respective TAG 3 . 

The relation Rll is now established on an IP level. When 
the service agent SA1 gets an IP packet with the address 
5 IPUD11 it finds the information in the table TAB1 and sends 
the packet to the correct receiver with the MAC address 
UMAC1. The user device UD11 also has the IP address IPSA1 
to the service agent, its ''default gateway" . The user 
device UDll utilizes in conventional manner an ARP request 

10 (Address Resolution Protocol) to get a MAC address to the 
IP address IPSA1. The user device UDll therefore transmits 
broadcast the ARP message which is received by the handler 
HI in the penult PI via the user port UP11. The handler 
adds the identification for the user port and sends the 

15 message unicast to the broadcast handler BH1 in the edge 
access server EAS . The broadcast handler looks in its 
register REG1 on the list Lll for the user port UP11. On 
the VLAN tag TAG1 the broadcast handler finds the service 
agent MAC address SAMAC1. It transmits the address SAMAC1 

20 to the handler HI, which in turn responds with the address 
SAMAC1 to the user device UDll. With the aid of the address 
SAMAC1 the user device UDll now can utilize the relation 
Rll and get the service from the service provider SP1. 

In an alternative embodiment the handler HI in the penult 
25 PI successively creates the register REG11, shown in figure 
8. The register REG11 is similar to the register REG1 in 
the broadcast handler BH1. The register REG11 only 
comprises the penult's own user ports UP11, UP12 and UP13 
on respective lists PL11, PL12 and PL13 and the VLAN tags. 
30 When the user device UDll has made the ARP request for the 
first time, as described above, the handler HI gets back 
the MAC address SAMAC1 from the broadcast handler BHl . The 
handler HI then fills in the address SAMAC1 in the register 
REG11. The next time the user device UDll makes the ARP 
35 request, the handler HI first looks in its own register 
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REG11 instead of sending the request to the broadcast 
handler BH1. The handler HI finds the requested address 
SAMAC1 on the VLAN tag TAG1 and sends the address 
immediately back to the user device UD11. 

5 In still an embodiment the register REG11 in the handler HI 
is built up when the register REG1 in the broadcast handler 
BH1 is built up. 

Below will be described a number of alternative 
embodiments . 

10 In the above embodiment is described that a user first made 
the DHCP request via the access system ACC1 to get the IP 
addresses. This request then was followed by the ARP 
request. In an alternative embodiment the configuration is 
performed in an alternative way by alternative means. The 

15 request for the IP addresses can e.g. be performed by so 
called static configuration. After this configuration the 
user device makes the ARP request as described above to get 
the MAC address to its default gateway, the relevant 
service agent. In the same way as described above all ARP 

20 requests from the users, also when not preceeded by a DHCP 
request, will be intercepted by the penult and result in 
the address to the respective default gateway. In this way 
all communication between different users is forced to flow 
to the service agent. It was also described that the 

25 dynamically allocated MAC addresses were locally 
administrated addresses, LAA. An alternative is that a set 
of MAC addresses is bought from the IEEE. 

The service agent successively builds up a list for 
translating between IP addresses and user device MAC 
30 addresses. When it receives a packet it reads the IP 
address and if this address is whitin the service agent's 
own administrated subnet it looks for the IP address and 
finds the user MAC address. The service agent forwards the 
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packet to this user MAC address and packets with any other 
IP address will be forwarded to the service provider. 

In connection with figure 1 and 2 was described that the 
distributed handler system comprised the handler HI in the 
5 penult and the broadcast handler BH1 in the edge access 
server EAS . The penult and the edge access server were 
interconnected by the network ETH1. In an alternative 
embodiment the penult is a unit close to the edge access 
server. The transmission of messages between the penult and 

10 the edge access server is performed by Ethernet frames 
without the interconnecting network ETH1. It is even so 
that the penult can be regarded as a part of the edge 
access server itself. It should be noted that the edge 
access server EAS, the penults Pl-Pk, the handler registers 

15 REG1, REGll-REGkl and other parts of the access system not 
necessarily are physical units. Rather they are functional 
units which can be centralized or distributed depending on 
what is most appropriate in a situation. 

In the embodiment in connection with figure 2 each of the 

20 service access relations was defined by solely one unique 
service agent MAC address, e.g. the relation Rll defined by 
the address SAMAC1. Each of the service agents therefore 
could have a set of different MAC addresses allocated to 
its service agent port, each address for one of the 

25 relations to the respective user port. In an alternative 
embodiment each service agent has only one single service 
agent MAC address for all its different service access 
relations to different of the user ports. The respective 
service access relation is in this embodiment defined by a 

30 complete access relation identifier including the service 
agent MAC address and a further service access relation 
identifier. This further identifier appears from the 
Ethernet header in the transmitted frames. An example on 
such an identifier is the combination of the VLAN tag and 

35 the user device MAC address. 
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With the abovementioned further service access relation 
identifier it is also possible, in an embodiment, that a 
plurality of MAC addresses are allocated to the port of one 
of the service agents. Each of these MAC addresses is then 
5 bound to a set of relations, each of the relations having 
its own further identifier. 

In connection with figure 4 it was described that the user 
Ull had the Ethernet ETH2 with tagged VLAN:s to relate the 
user devices to the penult PI. As an alternative the user 
10 has a port based VLAN with a switch, that reads the tag and 
switches to a port for the relevant user device. Still an 
alternative is that the user has a MAC based VLAN and the 
penult checks that the user MAC address corresponds to the 
VLAN identifier. 

15 In an embodiment the VLAN tag is transmitted from the 
service agent to the penult to transmit a requested service 
to the correct user device. In an alternative embodiment no 
VLAN tag is transmitted to the penult but only the service 
agent MAC address, e.g. SAMAC1 . The penult itself derives 

20 the VLAN identity, e.g. the VLAN tag, from the unique 
service agent MAC address, defining the service access 
relation . 

In connection with figure 2 it was described that the 
service providers SPl-SPn were connected to each one of the 
25 service agents SAl-San. In an alternative a service 
provider can be connected to two or more service agents. 

Above is described the use of DHCP request. For other types 
of services than IP or other types of establishment of a 
relation between a user device and a service agent, other 
30 types of broadcast service attachment requests can be used. 
By the broadcast handler also those alternative requests 
are replied to by a service agent MAC address, which is 
identified in the same way as for the DHCP. As an example 
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can be mentioned the use of PPP over Ethernet, PPPoE, where 
a broadcast PPPoE request will be responded with a service 
agent MAC address to the service agent acting as PPPoE 
server. Also, the ARP request is mentioned above. For other 
5 protocols than the IP protocol similar procedures are 
utilized to bring about address resolution. 

In connection with a flow chart in figure 9 will be 
descibed an overview over the above method of defining the 
service access relations in the multiservice access system 

10 ACC1. In a step 90 one of the users decides one of his 
VLAN:s for one of the services, e.g. the user Ull selects 
the service from the service provider SP1 and decides the 
VLAN with the tag TAG1 for the service. The user sends the 
the decided tag and the selected service together with his 

15 user port UP11 to the administrative unit AD1 in a step 91. 
In a step 92 the administrative unit checks which one of 
the service agents SAl-SAn that corresponds to the selected 
service and finds the service agent SA1 . The administrative 
unit dynamically allocates the unique service agent MAC 

20 address SAMAC1 to the service agent SAl in a step 93. The 
register REG1 is created in the broadcast handler BHl in a 
step 94, in which register the service agent MAC address 
SAMAC1 is related to the user port UP11 and VLAN tag TAG1 . 
Thereby the service access relation Rll is defined, step 

25 95. 

The method of building up the correspondance between IP 
addresses and MAC addresses will be described in short in 
connection with flow charts in figure 10 and figure 11. In 
a first step 100 in figure 10 the handler HI receives the 

30 broadcast DHCP request with the frame FR2 from the user 
device UD11. The frame includes both the user MAC address 
UMAC1 and the VLAN tag TAG1. The handler HI adds the user 
port identification UP11 in a step 101 and in a step 102 
the handler sends the complete message unicast to the 

35 broadcast handler BHl in the edge access server EAS. The 
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broadcast handler notes the user port UP11 and the VLAN tag 
TAG1 in a step 103 and, looking in its register REG1, it 
points out the corresponding unique service agent MAC 
address SAMAC1 in a step 104. In a step 105 the broadcast 
5 handler finds the relevant service agent SA1 . Now the first 
part of the procedure is ready, finding the default 
gateway. Next part is to send IP addresses to the user 
device. In a step 106 the broadcast handler BH1 sends the 
user port and the VLAN tag to the service agent SA1 . In a 

10 step 107 the service agent SAl allocates the IP address 
IPUD11 to the user device UD11. In a conventional manner 
the service agent sends the DHCP response, including the 
own IP address IPSA1 and the allocated IP address IPUDll, 
step 108. In a step 109 the user device stores the received 

15 IP addresses. The relation Rll is now estabished on IP 
level. It should be noted that the procedure described in 
connection with figure 10, finding the default gateway in 
the steps 100 to 105 and the user device receiving the IP 
addresses in the steps 106 to 109, can be performed in 

20 alternative ways. One such way is by the static 
configuration procedure as mentioned above. 

The procedure when the service access relation Rll is 
established in the reverse direction, from the user side to 
the service agent side, will be described shortly in 

25 connection with the flow chart in figure 11. In a first 
step 110 the handler HI in the penult PI receives an ARP 
message from the user device UD11 on the user port UP11. 
The handler adds the port identification in a step 111 and 
in a step 112 the handler HI sends a message, including the 

30 ARP message and the port, unicast to the broadcast handler 
BH1. The broadcast handler looks in the register REG1 for 
the user port UP11 and the VLAN tag TAG1 and finds the 
service agent MAC address SAMAC1, step 113. In a step 114 
the broadcast handler sends the address SAMAC1 to the 

35 handler HI and in a step 115 the handler transmits the 
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address SAMAC1 to the user and the address is received by 
the user device UD11. Alternatively the broadcast handler 
sends the MAC address SAMAC1 to the relevant service agent 
SA1 with an order to transmit the address to the handler 
5 HI . 

The above described arrangements and procedures are related 
to unicast access between the service agents and the user 
ports on the penults. In connection with figure 12 will 
shortly be described an embodiment with multicast access. 

10 Figure 12 shows a somewhat simplified view of figure 2 with 
the access system ACC1 interconnecting the service 
providers SPl-SPn and the users Ull-Uml. The access system 
has, as above, the edge access server EAS and the penults 
Pl-Pk interconnected by the Ethernet network ETH1. In this 

15 network are shown Ethernet switches SW191, SW192 and SW193 
supporting multicast. Also the penults P18, P19 and P20 
support multicast access. In the figure is shown a 
multicast access relation MRU from the service agent SA19 
to the penults P18, P19 and P20. The penult P19 has the 

20 user port UP191 with a connection to the user U191 and the 
user port UP192 connected to the user U192. The penult P20 
has the user port P201 connected to the user U193. The user 
191 has user devices UD191 and UD192 attributed to the user 
port UP191 via a VLAN with a VLAN tag TAG19 and the user 

25 U192 has a user device UD193 attributed to the user port 
UP192, also via the VLAN with the tag TAG19. The user U193 
has a user device UD194 which is attributed to the user 
port UP201, also via the VLAN with the tag TAG19. 

The aim with the multicast access relation MRU is, 
30 naturally, to distribute a service from the service 
provider SP19 via the service agent SA19 to the users. Note 
that this distribution takes place only downstream, from 
the service provider to the users. The distribution is 
performed by branching up the service access relation MRU 
35 in the edge access server, in the switches and in the 



WO 03/067821 



PCT/SE02/00226 



21 

penults. The relation MRU to the users, which utilize the 
service from the provider SP19, is defined by one and the 
same MAC address, in the example a MAC address SAMAC19 
allocated to the service agent SA19 by the administrative 
5 unit AD1 . Each multicast flow from this service agent has a 
specific multicast address to which all participating users 
are listening. In the multicast frames transmitted via the 
relation MRU the multicast bit Ml in figure 3c is set. 
Furthermore, the service from the service provider SP19 is 

10 distributed on one and the same Ethernet LAN, in the 
example the VLAN with the tag TAG19, which is bound to the 
multicast access relation MRU. In the multicast case the 
users can't decide their own VLAN:s for the service, but a 
common decision concerning the VLAN identification must be 

15 made. The establishing of the relation MRU is performed in 
a corresponding way as described above. Also in the 
multicast access case the service agent for a certain 
service can have more than one assigned MAC address, in the 
same way as described above in the unicast case. 

20 In connection with figure 13 will be described an overview 
over a procedure for establishing the multicast access 
relations. In a step 130 the VLAN with the tag TAG 19 for a 
selected service from the service provider SP19 is decided. 
The decision is distributed to the edge access server EAS 

25 and to the users in a step 131. In a step 132 the 
administrative unit AD1 checks which one of the service 
agents SAl-SAn that corresponds to the selected service and 
finds the service agent SA19. The administrative unit ADl 
dynamically allocates the service agent MAC address SAMAC19 

30 to the service agent SA19 in a step 133, this MAC address 
defining the multicast access relation MRU. In a step 134 
the MAC address SAMAC19 is bound to the decided VLAN with 
tag TAG19. In a step 135 the multicast access relation MRU 
is estsblished in a corresponding way as is described for 

35 the unicast relations. In a step 136 the multicast bit Ml 
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is set for frames transmitted over the multicast service 
access relation MRU. 

The services from the service providers SPl-SPn must be 
delivered with a certain quality level. The resources 
5 within the access system ACC1 are however limited,, which 
delimits the quality level. An example on a limited 
resource is the available bandwidth. Many relations, as the 
relation Rll, are to be transmitted via the connections 
between the service agent and a switch, between the switch 

10 and the penult and between the penult and the user VLAN, 
which relations have to share the available bandwidth. The 
quality of service for the relations are deicided in 
agreements and are denoted for each relation in the 
register REG1 in figure 5. This is exemplified by a quality 

15 of service Q having a level QoSl denoted on the list Lll 
for the relation Rll, which relation is defined by the 
service agent MAC address SAMAC1. The quality values, e.g. 
a bandwidth parameter, are utilzed when the traffic is 
shaped by shapers in the access system. As examples on 

20 shapers are shown, in figure 2, a shaper SHn in the edge 
access server EAS and a shaper SHk in the penult Pk. When 
shaping the traffic flow the shapers in the edge access 
server look on the service agent MAC addresses, which 
always appears in a transmitted frame either as source or 

25 destination address. With the aid of the address the shaper 
finds the corresponding value for the quality level, e.g. 
the value QoSl. In the embodiment when some of the 
relations were defined by its respective service agent MAC 
address and the further service access relation identifier, 

30 the shaper has to look also on the further identifier. The 
shaper SHk in the penult Pk can utilize the VLAN tag and 
the user port in a corresponding manner. The shaping 
includes in conventional manner buffering the frames, 
prioritizing with the aid of the priority tag PTG1 and 

35 sheduling. 
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It can happen that a participant tries to make more use of 
the access system ACC1 than the agreement allows, e.g. 
sends more traffic than it' is agreed. This means that the 
participant's traffic even after shaping takes more 
5 bandwidth than the bandwidth parameter allows. The system 
can look upon the unique service agent MAC address in the 
frames and compare with the agreement. In the relation that 
uses too much bandwidth the system can apply policing and 
delet some of the transmitted frames. Also for this 
10 function the system has to look on the further service 
access relation identifier in the alternative embodiment 
for identifying the relations. 

It can also happen that the users exchange their MAC 
addresses by some means and tries to utilize the access 

15 system ACC1 for communication between themselves and not 
with the service providers. To prevent such a behaviour the 
penults can have a traffic filter, e.g. a filter F21 at the 
user port UP21 in the penult P2 . The filter reads the 
addresses in the transmitted frames. Frames from the user 

20 devices may only have the service agent MAC addresses or 
the broadcast address as destination address. Frames to the 
user devices may only have the service agent MAC addresses 
as source address. Other addresses are not allowed and 
frames with such addresses are deleted in the filter. Also, 

25 broadcast messages from a user, which are not to be handled 
by any of the service agents, are deleted. 

The MAC addresses can have an internal address structure 
that is adapted to the structure of the access network 
ETH1 . This can simplify the implementation of the network 
30 and its components in the access system ACC1 . 
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CLAIMS 

An access system for communication between service 
providers and users via service access relations, the 
system including: 



an edge access server having 
with a connection intended 
providers ; 



at least one service agent 
for one of the service 



at least one penult having at least one user port intended 
for one of the users; and 



10 - an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
and the penults, 

the edge access server being arranged to dynamically 
allocate unique Ethernet MAC addresses to at least a part of 
15 the service agents, the unique Ethernet MAC addresses 
defining each one service access relation with one of the 
user ports. 

2_ An access system for communication between service 
providers and users via service access relations, the system 
20 including: 

an edge access server having at least one service agent 
with a connection intended for one of the service 
providers ; 

at least one penult having at least one user port intended 
25 for one of the users; and 

an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
and the penults, 
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the edge access server being arranged to dynamically 
allocate at least one Ethernet MAC address to each one of at 
least a part of the service agents, the edge access server 
also being arranged both to bind said Ethernet MAC addresses 
5 to the service access relations to the user ports and to 
bind relation identifiers to said service access relations, 
said identifier appearing in a header of a transmitted 
Ethernet frame. 

3. An access system for communication between service 
10 providers and users via service access relations, the system 
including: 

an edge access server having at least one service agent 
with a connection intended for one of the service 
providers; 

15 - at least one penult supporting multicast access having at 
least one user port intended for at least one user 
Ethernet VLAN; and 

an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
2 0 and the penults, said arrangement including switches 

supporting multicast, 

the edge access server being arranged to dynamically 
allocate Ethernet MAC addresses to at least one of the 
service agents, the Ethernet MAC address defining a 

25 multicast service access relation with at least one of the 
user ports, the edge access server being arranged to bind 
one and the same identification of one of the user Ethernet 
VLAN : s to the multicast service access relation, said user 
Ethernet VLAN identification being intended for the users 

30 participating in the multicast service. 
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4. An access system according to claim 1 or 2, said user 
port being intended for at least one user Ethernet VLAN, the 
edge access server being arranged to bind also an 
identification of one of the user Ethernet VLAN:s on said 

5 user port to the service access relation. 

5. An access system according to claim 3 or 4 including a 
register in the edge access server for the service access 
relations r the register including the service agent MAC 
address, the user port and the identification of the user 

10 Ethernet VLAN . 

6. An access system according to claim 3, 4 or 5 including: 

a handling system with a handler attributed to the penult 
and a broadcast handler attributed to the service agents ; 

the handler being arranged to receive a broadcast service 
15 attachment request from a user device having a user MAC 

address , the request including the user Ethernet VLAN 
identification; and 

the handler in the penult being arranged both to add to 
said service attachment request an identification of the 
20 user port and to send unicast the request with the user 

port identification to the broadcast handler. 

7. An access system according to claim 6 including: 

the broadcast handler being arranged both to note the user 
port and the Ethernet VLAN identification and to point out 
25 the corresponding one of the service agent MAC addresses; 

the broadcast handler being arranged to find the relevant 
service agent via the service agent MAC address; and 

said service agent being arranged to allocate an IP 
address for said user device having said user MAC address. 
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8. An access system according to claim 7 including said 
service agent being arranged to transmit to said user device 
via the service access relation, both said allocated user 
device IP address and its own IP address. 

5 9. An access system according to claim 5 or 8 including: 

the handler being arranged to receive from the user device 
a broadcast address resolution protocol broadcast message 
including the Ethernet VLAN identification; 

the handler being arranged to add to said address 
10 resolution broadcast message an identification of the user 

port; and 

the handler being arranged to transmit unicast said 
address resolution broadcast message with the user port 
identification to the broadcast handler. 

15 10. An arrangement according to claim 9 including: 

the broadcast handler being arranged to note the user port 
and the Ethernet VLAN identification and to find the 
relevant service agent MAC address; 

the broadcast handler being arranged to transmit the 
2 0 service agent MAC address to the handler in the penult; and 

the handler being arranged to transmit the service agent 
MAC address to the user device. 

11. An arrangement according to claim 5, 8 or 10 including, 
in the handler, a handler register including the user port 
25 and the Ethernet VLAN identification pointing out the 
service agent MAC address. 
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12. An arrangement according to claim 11 including: 

the handler being arranged to receive from the user 
device, an address resolution protocol broadcast message 
including the Ethernet VLAN identification; 

5 - the handler being arranged to find in the handler register 
the relevant service agent MAC address; and 

the handler being arranged to transmit the service agent 
MAC address to the user device. 

13. A method in an access system for communication between 
10 service providers and users, the system including: 

an edge access server having at least one service agent 
with a connection intended for one of the service 
providers ; 

at least one penult having at least one user port intended 
15 for one of the users; and 

an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
and the penults, 

the method including: 

20 - dynamically allocating in the edge access server unique 
Ethernet MAC addresses to at least a part of the service 
agents; and 

binding the unique service agent MAC addresses to solely 
each one service access relation with one of the user 
25 ports. 
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14. A method in an access system for communication between 
service providers and users, the system including: 

an edge access server having at least one service agent 
with a connection intended for one of the service 
5 providers; 

at least one penult having at least one user port intended 
for one of the users; and 

an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
10 and the penults, 

the method including: 

dynamically allocating in the edge access server at least 
one Ethernet MAC address to each one of at least a part of 
the service agents; 

15 - binding said Ethernet MAC addresses to the service access 
relations to the user ports; and 

binding relation identifiers to said service access 
relations, said identifier appearing in a header of a 
transmitted Ethernet frame. 

20 15. A method in an access system for communication between 
service providers and users via service access relations, 
the system including: 

an edge access server having at least one service agent 
with a connection intended for one of the service 
2 5 providers; 

at least one penult supporting multicast access having at 
least one user port intended for at least one user 
Ethernet VLAN; and 
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an interconnecting arrangement, supporting exchanging of 
Ethernet frames, interconnecting the edge access server 
and the penults, said arrangement including switches 
supporting multicast, 

5 the method including: 

dynamically allocating in the edge access server Ethernet 
MAC addresses to at least one of the service agents, the 
Ethernet MAC address defining a multicast service access 
relation with at least one of the user ports; and 

10 - binding one and the same identification of one of the user 
Ethernet VLAN : s to the 'multicast service access relation, 

said user Ethernet VLAN identification being intended for 
the users participating in the multicast service. 

16. A method in an access system according to claim 13 or 
15 14, said user port being intended for at least one user 

Ethernet VLAN, the method including binding an 

identification of one of the user Ethernet VLAN:s on said 
user port to the service access relation. 

17. A method in an access system according to claim 15 or 
20 16, the method including creating a register in the edge 

access server for the service access relations, the 

register including the service agent MAC address, the user 
port and the identification of the user Ethernet VLAN. 

18. A method in an access system according to claim 15, 16 
25 or 17, the access system including a handling system with a 

handler attributed to the penult and a broadcast handler 
attributed to the service agents, the method including: 

receiving in the handler a broadcast service attachment 
request from a user device having a user MAC address, the 
30 request including the user Ethernet VLAN identification; 



WO 03/067821 



PCT/SE02/00226 



31 

adding to said service attachment request an 
identification of the user port, the adding performed in 
the handler in the penult; and 

sending unicast the request with the user port 
5 identification to the broadcast handler. 



19. A method in an access system according to claim 18, the 
method including: 

noting in the broadcast handler the user port and the 
10 Ethernet VLAN identification; 

pointing out the one of the service agent MAC addresses 
that corresponds to the user port and the Ethernet VLAN 
identifications- 
finding the relevant service agent via the service agent 
15 MAC address; and 

allocating in said relevant service agent an IP address to 
said user device having said user MAC address. 

20. A method according to claim 19 the method including 
transmitting, via the service access relation, both said 

20 allocated user device IP address and an IP address for the 
allocating service agent to said user device. 

21. A method according to claim 17 or 20, the method 
including : 

receiving in the handler, from the user device, a 
25 broadcast address resolution protocol broadcast message 

including the Ethernet VLAN identification; 

adding to the message an identification of the user Portl- 
and 
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transmitting unicast from the handler said address 
resolution broadcast message with the user port 
identification to the broadcast handler. 

22. A method according to claim 21, the method including: 

5 - noting in the broadcast handler the user port and the 
Ethernet VLAN identification; 

finding the relevant service agent MAC address; 

transmitting the service agent MAC address to the handler 
in the penult; and 

10 - transmitting from the handler the service agent MAC 
address to the user device. 

23. A method according to claim 17, 20 or 22, the method 
including creating in the handler a handler register 
including the user port and the Ethernet VLAN identification 

15 pointing out the service agent MAC address. 

24. A method according to claim 23, the method including: 

receiving in the handler, from the user device, an address 
resolution protocol broadcast message including the 
Ethernet VLAN identification; 

20 - finding in the handler register the relevant service agent 
MAC address; and 

transmitting from the handler the service agent MAC 
address to the user device. 



25 
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